Slashdot Mirror


Extremely Critical IE6/SP2 Exploit Found

Spad writes "Secunia is reporting on three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system. Secunia says 'Solution: Use another product.'"

10 of 595 comments

  1. liars! by Anonymous Coward · · Score: -1, Troll

    this can't be true - there's never been a critical flaw in my internet! Why would the internet delete files off my computer?

  2. Nothing to see here.... by still_sick · · Score: 0, Troll

    Secunia Advisory: SA12889
    Release Date: 2004-10-20
    Last Update: 2005-01-07

    [...]

    2005-01-07: Increased rating. Added link to test. Updated "Description" and "Solution" sections


    OH MY GOD, THEY INCREASED THE RATING OF A THREE MONTH OLD BUG!!!! THIS IS TOTALLY FRONT-PAGE NEWS AND NOT AT ALL FLAMEBAIT!!!!

    --
    ...Also, I didn't know Buggalo could fly.

  3. :o OMG by baadger · · Score: -1, Troll

    I haven't been this shocked since the tsunami

  4. Is anyone still using IE? by Chromodromic · · Score: 1, Troll

    Yeah, well, I guess corporate IT depts are probably struggling with mgmt to implement company-wide changeovers, especially for all those companies that are Microstooges and have big service and standardization contracts, yadda yadda yadda. But for all you individuals out there who aren't experiencing the Browsing Bliss that is Firefox, preferring IE to downloading a small file and doing a simple install, well, I don't pity you any more than anyone who walks into a dynamite factory and says, "Man, it's dark, anyone got a match?"

    --
    Chr0m0Dr0m!C

  5. Secunia? by clinko · · Score: -1, Troll

    Great, a no name company says something... Seriously don't post shit from "companies" that are just 1 guy ranting...

    1. Domain is less than 3 years old
    2. Registered by DIRECTNIC (15/yr. domain seller) and isn't set up on real dns servers
    3. admin, tech & Registrant are Kristensen, Thomas's APARTMENT

    apparently security is this guy's focus, but doesn't mind being "0wn3d" by WHOIS

    Registrant:
    Secunia ApS
    Toldbodgade 37B
    Copenhagen, CPH 1253
    DK
    45 7020 5144

    Domain Name: SECUNIA.COM

    Administrative Contact:
    Kristensen, Thomas tk@secunia.com
    Toldbodgade 37B
    Copenhagen, CPH 1253
    DK
    45 7020 5144

    Technical Contact:
    Kristensen, Thomas tk@secunia.com
    Toldbodgade 37B
    Copenhagen, CPH 1253
    DK
    45 7020 5144

    Record last updated 05-06-2004 01:07:26 AM
    Record expires on 08-16-2007
    Record created on 08-16-2002

    Domain servers in listed order:
    NS0.DIRECTNIC.COM 204.251.10.100
    NS1.DIRECTNIC.COM 206.251.177.2

  6. Re:Mac by Anonymous Coward · · Score: -1, Troll

    faggot

  7. Homo by Anonymous Coward · · Score: -1, Troll

    " /hug ibook"

    And you wonder why we make fun of Mac fanboyz.

    Cripes...it's one thing to use a computer, it's another to treat it like a pet. And another to display it on a public forum. Guys don't write things like "/hug". It's so queer on at least 2 levels. It really makes my skin crawl.

    No wonder Stevie J can give it to you in the can, and you just *smile*.

  8. Idiotic alarmist reaction - Fixed BY DEFAULT by njyoder · · Score: 0, Troll

    I just tested on IE6 SP1 which hasn't been patched for a year or so and the DEFAULT SECURITY SETTINGS prevented the exploit from running. Microsoft wins, moronic linux zealots who have no idea what they're talking about lose. Really, are you going to fault a company for the default security settings, the settings which most people have set, for WORKING PROPERLY?

  9. Re:Heh by Marthisdil · · Score: -1, Troll

    ...But one with proper security controls put in place like a good virus scanner/firewall/IE settings/anti spyware and creating a non-admin user for web browsing will not be affected. And a car with the wheels nailed to the ground, the doors welded...

    Yeah, and your linux box is just oh so secure...Please....there's just as many, if not more, Linux security holes out there - but not too many say anything - why? Because hardly anyone uses it compared to Windows....Gimme an f'n break you fanboi.

  10. Re:Heh by l3v1 · · Score: 1, Troll

    [...]they left it unpatched? Why?[...]

    Questions, questions. Patching doesn't bring money fast you know, like buying up an antispyware company, giving away their/our software then charge for the updates.

    Microsoft brains don't work like our humble ones. We seek logic, practicality, usability, security, they seek revenue. These don't always overlap.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.